undefined | Better HN

0 pointsfemiagbabiaka4y ago0 comments

Your home network and a cloud datacenter aren’t comparable. Many clouds have host level firewall policies as a core feature, and anyone competent is managing them profile-style using Terraform or an equivalent. It’s really quite easy from that perspective.

0 comments

otabdeveloper44y ago

> Your home network and a cloud datacenter aren’t comparable.

Of course they are. I didn't need to think about firewall automation before, and now I do. For what gain?

> anyone competent

Not an option for most people. Let's make networking and security things more foolproof, not less, okay?

jiggawatts4y ago

You really are refusing to listen to what people are telling you.

I have an Internet router, which uses NAT for IPv4, same as everyone else. If I want to punch a hole through for something like RDP or SSH, I have to use unique port numbers because I only have one Internet-facing IP address. Because there are only 3 billion IPv4 addresses for the whole World, all of them are regularly scanned by Bad People for open ports, making this RISKY.

I also have IPv6 enabled on it. No NAT. If I want to punch a hole through for RDP or SSH, I can use the standard ports because each device has a unique Internet-facing IP address. My router alone has 2^64 (millions of trillions) of unique addresses, of which a random 5 or 6 have been allocated. There is no way anyone ever is going to be able to scan these. I can SAFELY open standard port numbers and not have to worry about drive-by attacks.

THERE IS NO OTHER DIFFERENCE.

The router works the same, the firewall works the same, the Internet works the same, the GUI is the same. IT IS ALL THE SAME!

NAT is not magic. It is not a firewall. It is not necessary. It is not beneficial.

otabdeveloper44y ago

Security by obscurity?

This problem is (correctly) solved by VPN.

femiagbabiakaOP4y ago

Nobody is stopping you from running a NAT gateway until 2120 at home. IPv6 solves specific problems in a datacenter context, namely address exhaustion. You'll never run into that problem at home.

j / k navigate · click thread line to collapse

0 comments

otabdeveloper44y ago

> Your home network and a cloud datacenter aren’t comparable.

Of course they are. I didn't need to think about firewall automation before, and now I do. For what gain?

> anyone competent

Not an option for most people. Let's make networking and security things more foolproof, not less, okay?

jiggawatts4y ago

You really are refusing to listen to what people are telling you.

THERE IS NO OTHER DIFFERENCE.

The router works the same, the firewall works the same, the Internet works the same, the GUI is the same. IT IS ALL THE SAME!

NAT is not magic. It is not a firewall. It is not necessary. It is not beneficial.

otabdeveloper44y ago

Security by obscurity?

This problem is (correctly) solved by VPN.

femiagbabiakaOP4y ago

Nobody is stopping you from running a NAT gateway until 2120 at home. IPv6 solves specific problems in a datacenter context, namely address exhaustion. You'll never run into that problem at home.

j / k navigate · click thread line to collapse